Large-scale networks are typically composed of two types of networks: an edge (or access) network and a backbone network. An edge network provides network connectivity to user devices or hosts, while the backbone network connects two or more edge networks together. Examples of large-scale networks are cloud computing platforms, data centers, service provider networks, and the like. The architecture of a large-scale network is constructed as a multi-tiered network including a backbone network as a main (root) tier and a plurality of edge networks that are child tiers connected to the main tier. Typically, there is one backbone network and many edge networks connected thereto. The edge networks may themselves be connected in a tiered architecture as well.
Large-scale networks have several distinctive properties. One such property is that network resources can reside in many different places. As an example, in server cloud computing applications, a large number of data centers or servers collaborate to provide services to clients. Furthermore, in such networks the resource availability is dynamic because of changing network conditions, network activities, and applications. In addition, the services provided by servers and/or data centers are not homogeneous but rather rich and diverse.
The properties and architecture of large-scale networks pose certain challenges in protecting the network's resources against cyber threats, in particular denial of service (DoS) and distributed DoS (DDoS) attacks. The challenges result from the many resources and services included in such a network, the collaboration between resources, and the dynamic services provided by such networks. The complexity of cyber-attacks plays a major role here, as DoS/DDoS attack campaigns have become more sophisticated and aggressive.
A straightforward solution is to deploy detection/mitigation systems in the edge and backbone networks. The systems are typically deployed in a peer of each edge network and in various peers of the backbone networks, or at pre-defined scrubbing centers. The types and security capabilities of the detection/mitigation systems to be deployed, and their locations, are predetermined and static. In order to ensure mitigation and/or detection, high-capacity, high-capability systems of the kind typically deployed in the backbone network are also deployed in the edge networks. This causes underutilization of valuable and expensive mitigation resources, since high-capacity mitigation systems are typically expensive. This affects the return on investment (ROI) of the service providers, as customers cannot recoup the costs of such high-capacity mitigation/detection systems.
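The underutilization argument above can be made concrete with a toy capacity model. The following is an added illustration, not text or code from the patent: each edge network of the two-tier topology sees its own attack peaks at different times, and the capacity that must be pre-provisioned when every edge network gets its own static system is compared with a centrally managed pool sized for the network-wide peak. All load figures are constructed sample values.

```python
"""Toy capacity model (added example, not from the patent): static per-edge
mitigation deployment versus a centrally managed, network-wide pool."""
from dataclasses import dataclass, field
from typing import List


@dataclass
class EdgeNetwork:
    name: str
    # Constructed attack load (Gbps) observed at this edge in successive time slots.
    load_by_slot: List[float]


@dataclass
class Backbone:
    edges: List[EdgeNetwork] = field(default_factory=list)


def _check_slots(bb: Backbone) -> int:
    lengths = {len(e.load_by_slot) for e in bb.edges}
    if len(lengths) != 1:
        raise ValueError("all edge networks must report the same number of slots")
    return lengths.pop()


def static_provisioned_capacity(bb: Backbone) -> float:
    """Static deployment: each edge gets its own system sized for its worst slot."""
    _check_slots(bb)
    return sum(max(e.load_by_slot) for e in bb.edges)


def centralized_required_capacity(bb: Backbone) -> float:
    """Centralized management: one pool sized for the largest simultaneous load."""
    _check_slots(bb)
    slots = zip(*(e.load_by_slot for e in bb.edges))
    return max(sum(slot) for slot in slots)


def utilization(bb: Backbone, capacity: float) -> float:
    """Average fraction of the provisioned capacity that is busy across all slots."""
    n = _check_slots(bb)
    total_load = sum(sum(e.load_by_slot) for e in bb.edges)
    return total_load / (capacity * n)


# Constructed sample: three edge networks whose 40 Gbps peaks never coincide.
SAMPLE = Backbone([
    EdgeNetwork("edge-A", [40.0, 5.0, 5.0, 5.0]),
    EdgeNetwork("edge-B", [5.0, 40.0, 5.0, 5.0]),
    EdgeNetwork("edge-C", [5.0, 5.0, 40.0, 5.0]),
])
```

Running the model on the sample, static deployment provisions 120 Gbps at about 34% average utilization, while a centrally managed pool needs 50 Gbps and runs at about 83%.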
Furthermore, because of the static nature of current solutions for detecting and mitigating cyber-attacks in large-scale networks, such solutions are not scalable and cannot be adapted efficiently to changes in the architecture and/or resource allocations of the networks. Nor are such solutions dynamic: they cannot be adapted to dynamically changing cyber-attack patterns or to the dynamics of modern networks and applications. As an example, in a client cloud computing infrastructure, resources (e.g., virtual machines) can be turned on and off at unpredictable times and positions in the cloud network.
Thus, in order to allow efficient and cost-effective protection against cyber threats, it would be advantageous to provide a reliable, robust, and scalable solution that efficiently and dynamically detects and mitigates cyber threats. It would be further advantageous if the proposed solution efficiently managed mitigation and detection resources in a centralized, network-wide manner.